CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Matrix Authorization Strategy >> 2.0 Security Vulnerabilities

CVE-2026-42521

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

CVSS Score

6.5

EPSS Score

0.001

Published

2026-04-29

CVE-2021-21623

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.

CVSS Score

6.5

EPSS Score

0.001

Published

2021-03-18

CVE-2020-2226

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.

CVSS Score

5.4

EPSS Score

0.001

Published

2020-07-15

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Matrix Authorization Strategy >> 2.0 Security Vulnerabilities

Products

Pricing

Contact Us